PingID Administration Guide

Integrate with PingID for PingOne SSO

If you have an existing legacy PingOne for Enterprise account, you can use an authentication policy to enable PingID as a secondary authentication solution for PingOne SSO.

This integration is for PingID accounts that are using PingID with PingOne for Enterprise (legacy). If you are using PingID with the current PingOne platform, follow the instructions here

Configure and manage the PingID service using the PingOne for Enterprise admin portal. For more information, see Configure the PingID service.

How it works: PingOne secondary authentication with PingID

A diagram illustrating as a secondary authentication source with .

  1. A user with PingOne as their identity provider (IdP) signs on to a service provider’s (SP) resource. After PingOne successfully validates the user’s credentials, it sends a request to the PingID server to authenticate the user.

  2. PingID sends a request through the notification server to the PingID app installed on the user’s mobile device.

  3. The mobile notification server sends a notification to the PingID mobile app, and the user approves the sign-on request using the PingID mobile app.

  4. PingID initiates an out-of-band authentication (OOBA) of the user.

  5. The PingID server sends an authorization reply to the SP, which completes the sign-on process.